Generation of a watermark being unique to a receiver of a multicast transmission of multimedia

ABSTRACT

A method, apparatus and system for distributing multimedia data in an efficient way using multicast transmission, whereby each receiver is provided with his own unique identifier in the form of a watermark and also additional information, typically global information for instance to comply with DRM rules, in the same watermark.

FIELD OF THE INVENTION

The present invention is related to the field of transmission ofmultimedia to multiple receivers, and more particularly to a method andapparatus for the generation of watermarks being unique to a receiver ofa multicast transmission of such media. As used herein, the term“multimedia” can be any type of media such as video, sound etc,typically distributed in the form of a stream of data packets.

BACKGROUND

Multicast transmissions provides efficient one-to-many or many-to-manytransmission of multimedia in a distribution network, typically in anInternet environment. A source transmits multimedia in the form ofpacket data to a group of receivers typically identified by a single IPdestination address. Multicast transmissions are well suited for largescale transmissions of multi-media because of scalability; each networklink in the distribution network has to transport only one copy of eachdata packet regardless of the number of receivers.

Authentication and confidentiality can be solved by means of encryptionof the data; however, there is still a problem with receivers thatretransmit unencrypted data to other receivers. Basic encryption is notsufficient to protect information. One way to detect whom the illegalcopy originated from is fingerprinting, i.e embedding uniqueinformation, typically a watermark, into each copy of the original datathat identifies the receiver receiving the copy.

In unicast transmissions, the number of copies required is multipliedwith the number of receivers, which of course implies drawbacks forlarge scale transmissions. However, it is easy to trace from whom anillegal copy originated, since slightly different copies can betransmitted to each receiver.

In “Large Scale Distributed Watermarking of multicast media throughencryption”, Parvianninen Roland, Parnes Peter, Department of ComputerScience/Centre for Distance Spanning Technology, 2001, it is disclosed amethod in which each receiver of a multicast session receives a streamof data having a different unique watermark, while still retaining thescalability of a multicast transmission. The watermarked streams can beused to trace receivers who make unauthorized copies of the stream.However, this document does not disclose how to provide additionalinformation in the stream of data, which is required for instance tocomply with digital right management rules (DRM). The implementation ofadditional information must fulfill a number of basic requirements suchas not significantly affecting the perceptual quality of an image, avideo sequence or a sound; it must also be robust to transformationsand/or operations that can be applied to the image, video sequence orsound such as color transformation, geometric transformation,translation or rotation, data compression such as JPEG/MPEG, noise, D/A,A/D conversions, image smoothing etc.

SUMMARY OF THE INVENTION

An object of the invention is to provide a method for the generation ofwatermarks being unique to a receiver of a multicast transmission ofmultimedia, which also provide additional information, for instance tocomply with DRM rules, without creating significant visible and/oraudible artefacts in the media.

According to the present invention this is realized in a method ofgenerating a watermark being unique to a receiver of a multi-casttransmission of multimedia data in the form of data packets, comprisinga multimedia stream with a multi-bit capacity in a single layer forstoring additional information. The principal advantage is that with onesingle layer of watermarks both global information such as copyrightinformation and user specific information can be embedded with minimumsignal degradation. In this way, embedding of multiple watermarkstypically in multiple layers can be avoided. This is of importance,since embedding watermarks for instance by stacking them onto each otheris a potential source for introduction of perceptible artefacts in thecontent of the media.

In non-multicast environments a different solution may be used by simplyallocating a portion of the watermarks bits for the additionalinformation and a portion of the bits for user specific informationtypically fingerprint information. However, since the invention findsapplication in multicast environments such a solution will not befurther discussed in this document.

The present invention also provides apparatus and system for performingthe method disclosed above.

In a first aspect of some preferred embodiments thereof, the inventionprovides an efficient method for combining fingerprint- and copyrightwatermarks by means of one single watermark algorithm in a multicastenvironment. In another aspect of the invention, also more watermarksmay be deployed. For example, different data packets may be embeddedwith watermarks from different algorithms. This is still a single-layerwatermark, but with different watermark algorithms.

In a second aspect of some preferred embodiments thereof, the inventionprovides a copy of each data packet to which a receiver has accessdetermined by a sequence of random encryption keys which are sent priorto transmitting.

In a third aspect of some embodiments thereof, the invention providesmore than two copies of each data packet.

There is provided, in accordance with a preferred embodiment of theinvention, a method of generating a watermark being unique to a receiverof a multicast transmission of multimedia data in the form of datapackets, said method comprising the following steps:

-   -   transmitting from a source at least two different copies of each        data packet having different watermarks, at least a first        watermark and a second watermark, respectively,    -   encrypting said copies differently, preferably by means of        different encryption keys,    -   providing each receiver access to only one of said two copies,        thereby providing each receiver with an unique resulting data        stream comprising data packets having first and second        watermarks, wherein the order in which the first and second        watermarks are present in the resulting stream provides the        unique watermark,    -   providing the data stream with a multi-bit capacity in a single        layer for storing additional information.

Preferably, the additional information is global information such ascopyright information, producer information and owner information.

Preferably, the source and the receivers are linked together by means ofa distribution network such as the Internet.

In a fourth aspect of some preferred embodiments thereof, the inventionprovides source and receivers linked together by a distribution networkbased on radio, typically a mobile telephone network such as aGPRS-network, or 3-G network.

There is further provided, in accordance with a preferred embodiment ofthe invention, a source for transmitting multimedia data to receivers ofa multi-cast transmission, said source comprising operational meansfurther comprising or being connectable to transmitting and encryptionmeans which together:

-   -   read data packet i,    -   create two watermarked copies V₀[i], V₁[i] of data packet i,    -   get two encryption keys SK[2 i-1) and SK[2 i],    -   encrypt the watermarked copies of data packet i C₀[i]=E(V₀[i],        SK[2 i-1] and C₁[i]=E(V₁[i], SK[2 i]),    -   add additional information, typically global information such as        copyright using the data packets,    -   transmit C₀[i] and C₁[i] together with i, where i=1, 2, . . . ,        k, via a network to the receivers.

By means of this method, fingerprint- and global watermarks can beprovided using one single watermark algorithm, or multiple watermarksalgorithms may be used while still embedding a single-layer watermark.

In a fifth aspect of some preferred embodiments thereof, the inventionprovides the operational means, transmitting means and encryption meansimplemented as software.

There is further provided, in accordance with a preferred embodiment ofthe invention, a receiver for receiving multimedia data comprisingreceiving and decrypting means, which together:

-   -   receive two packets: C₀[i] and C₁[i],    -   get the decryption key for packet i: RKr[i],    -   try to decrypt both packets with key RKr[i],    -   receive global information,    -   whereby only one packet will decrypt into a proper data packet:        Vji[i]=D(Cj[i], RKr[i]), ji ε{0, 1}    -   decode and render Vji[i].

According to another preferred embodiment of the invention, thereceiving means are arranged to receive more than two data packetsand/or the decrypting means are arranged to decrypt more than two datapackets.

There is further provided, in accordance with a preferred embodiment ofthe invention, a system comprising a source, receivers and anintervening distribution network for realizing a method of generating awatermark being unique to a receiver of a multicast transmission ofmultimedia data in the form of data packets, said method comprising thefollowing steps:

-   -   transmitting from a source at least two different copies of each        data packet having different watermarks, at least a first        watermark and a second watermark, respectively,    -   encrypting said copies differently, preferably by means of        different encryption keys,    -   providing each receiver access to only one of said two copies,        thereby providing each receiver with an unique resulting data        stream comprising data packets having first and second        watermarks, wherein the order in which the first and second        watermarks are present in the resulting stream provides the        unique watermark,    -   providing the data stream with a multi-bit capacity in a single        layer for storing additional information.

A fingerprinted media data stream may decrease illegal copying of themedia content, since the origin or the buyer of the media stream can beidentified. This can be the only option for pure software solutionswhere tamper resistant hardware is impossible to implement.

A principal aspect of the invention is to provide one single watermarkthat provides both identifiers for tracking and comprises additionalinformation. This and other aspects of the invention will be apparentfrom and elucidated with reference to the embodiments(s) describedhereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic representation of a system according to apreferred embodiment of the invention.

FIG. 2 illustrates an example of a media stream of data packetstransmitted from the source.

FIG. 3 illustrates an example of a fingerprinted media streamtransmittable from a receiver of a multimedia multicast transmission.

DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 shows a system for IP multicasting comprising a source 1, forinstance a server, and receivers R₁, R₂, . . . R_(n), for instanceclients, of which only three are shown. The number of receivers aretypically more than 100 000 in a typical Internet multicast environmentbut is by no means limited thereto. The source 1 and the receivers R₁,R₂, . . . R_(n) are linked together by means of a distribution network 2such as the Internet. Other types of networks are of course alsopossible, but will not be further disclosed in conjunction to thisembodiment.

The source 1 has to access k data packets: P[1], P[2], . . . P[k] and anencryption algorithm E provided in operational means 10 furthercomprising or connectable to transmitting and encryption means 20 suchthat a cover object P=D(E(P, K), K). That is, E(P, K) encrypts the k:thdata packet P[k] with an encryption/decryption key bank k and D(P, K) bymeans of decryption means 30 decrypts the cover object P. A watermarkingalgorithm W: P_(w)=W(P, w), w=U(P_(w)) and at least two differentwatermarks, a first watermark w₀ and a second watermark w₁ (illustratedin FIG. 2) are also required. The number of watermarks is not limited totwo but can be any suitable number. However, herein only two watermarksare described because of simplicity. Furthermore, the watermarks do nothave to be constant and according to a preferred embodiment of theinvention, the watermarks can change with time as long as they are notidentical, and the source keeps track of them.

The source 1 sends at least two different copies V₀[i], V₁[i] of eachdata packet P[1], P[2], . . . P[k], each having a different watermarkw₀, w₁. Both copies V₀[i], V₁[i] of the data packets P[1], P[2], . . .P[k] are encrypted with two different, random encryption keys SK[1],SK[2], . . . , SK[2 k]. The encrypted data packets are then sent to allreceivers R₁, R₂, . . . R_(n) by means of multicast transmission via adistribution network 2, preferably in an Internet environmenthereinafter called “IP multicast”. Any given receiver R₁, R₂, . . . ,R_(k) has access to only one of the encryption keys of one data packet.

The watermarking algorithm W embeds the watermark w in the cover objectP, and an detection algorithm U extracts the watermark (w) from themarked object P. A detection algorithm that detects if the watermark (w)is still present can be used instead: U(Pw, w)=B, B ε{true, false}. Thesource needs 2 k random encryption keys, SK[1], SK[2], . . . , SK[2 k]to be able to transmit the data packets of the media stream. A receiverR₁, R₂, . . . R_(n) has access to k of these keys SK[1], SK[2], . . . ,SK[2 k]: either a receiver key RK_(r) is RK_(r)[i]=SK[2 i-1] orRK_(r)[i]=SK[2 i], i={1, 2, . . . , k}.

In FIG. 1, the transmission of encryption keys is not showed in detail.Different strategies may be deployed for this. For instance, keys may betransmitted via the Internet if a channel can be authenticated.

To transmit data packet k, according to a preferred embodiment of theinvention, the source 1 performs the following method steps:

-   -   read data packet i P[i],    -   create two watermarked copies V₀[i], V₁[i] of data packet i,    -   get two encryption keys SK[2 i-1] and SK[2 i],    -   encrypt the watermarked copies V₀[i], V₁[i] of data packet i        C₀[i]=E(V₀[i], SK[2 i-1] and C₁[i]=E(V1[i], SK[2 i]),    -   add additional global information such as copyright using the        data packets    -   transmit C₀[i] and C₁[i] together with i.

FIG. 2 illustrates an example of a media stream of data packetstransmitted from the source. A first packet P[1] and a k:th packet P[k]are shown to illustrate how each packet comprises two differentencrypted packets V₀[i], V₁[i], which are provided with two differentwatermarks w₀ and w₁, respectively.

Now is again referred to FIG. 1.

At the receiver side, according to a preferred embodiment of theinvention, each receiver R₁, R₂, . . . R_(k) receives both packets andtries to decrypt them in the following way by means of the method steps:

-   -   receive two packets: C₀[i] and C₁[i],    -   get the decryption key for packet i: RKr[i],    -   try to decrypt both packets with the decryption key RKr[i],    -   receive global information,    -   whereby only one packet will decrypt into a proper data packet:        Vji[i]=D(Cj[i], RKr[i]), ji ε{0, 1},    -   decode and render Vji[i].

For each data packet the receiver will be able to decode exactly one ofthe watermarked packets. Which of the two packets is decided by the keysthe source has assigned to the receiver.

FIG. 3 illustrates an example of a fingerprinted media stream Stransmittable from a receiver of a multimedia multicast transmission.The media streams comprise data packets having different watermarks. Astream from a first receiver R₁ does not correspond to a stream fromanother receiver. Therefore, each receiver will have his ownfingerprinted resulting stream.

If the keys a receiver have access to is unique among all receivers andknown by the source, a unique identity string for that user can bedefined:Idr=Br[1], Br[2], . . . Br[k], Br[i]ε(0, 1).

The identity string can be derived by the source from both keys given tothe receiver and the resulting stream from the receiver. From the keysthe source sent to the receiver:

-   -   Br[i]=0 if RKr[i]=SK[2 i-1]    -   Br[i]=1, if RKr]i]=SK[2 i]

From the resulting stream for the user:

-   -   Br[i]=0, if U(Vji)=w₀    -   Br[i]=1, if U(Vji)=w₁ Br[i]=undefined, if neither C₀[i] nor        C₁[i] was received or decrypted

If the receiver does not receive all packets, due to for example packetloss or that the receiver tuned in late, the identity strings will notmatch completely. If n is large enough, the partial identity string willbe long enough to be unique among all receivers although some bits areundefined.

Since two copies have to be sent for each data packet, the bandwidthusage has to be doubled for the source and the receivers. Preferably,the bandwidth can be reduced by optimizations. Other demands arise ofcourse, if more than two copies are sent, which is within the scope ofthe invention.

At any given time, only one of two watermarked packets is actuallyuseful for a single receiver since the other packet cannot be decrypted.If two copies were sent on different multicast groups the receivers canhop between the groups by joining and leaving them as the group thecorrect packet is transmitted on changes. In this approach it is notonly necessary to send the keys to each receiver but also which streamto receive; in such a case one extra bit for each key is required. Alsothis is within the scope of the invention, but will not be furtherdisclosed, since unfortunately, the join/leave latency for IP multicasttransmission is currently too large for this approach. Also, if morethan one receiver is on the same network segment most saving is lost.

An alternative way of watermarking could be to watermark one (1) inevery x packet, thus reducing the bandwidth requirement to (1+1/x) timesthe bandwidth of the original stream. Unfortunately, a maliciousreceiver could remove these watermarked packets and retransmit theresulting degraded stream if x is large. It is therefore necessary to besure that the degradation is large enough to discourage removal ofwatermarked packets. One example of this is to only watermark to the Iframes of an MPEG video stream or only watermark the last ten minutes ofa movie. Also this is within the scope of the invention.

The receiver can be treated as long a term key distributed byout-of-band means when the users registers, either as a downloadablefile, preferably protected by SSL/TLS or delivered to the user on afloppy or cdrom. All these solutions have problems when revocation ofaccess is considered. The keys can also be continuously streamed to theusers, which is within the scope of the invention.

The amount of keys that each receiver requires depends on the requiredsecurity. The total size of the keys for one receiver is thenkeys*keysize. A cryptographic secure random number generator can alsogenerate the bitmasks instead to further reduce storage needs at thesource.

Preferably, the key is a 56 bit key, since an attacker has to break asufficient amount of keys to get enough packets to create anunidentifiable watermarked stream. Any other suitable number of bits isof course evident for a person skilled in the art to use withoutdeparting from the invention. Preferably, the keys are generated priorto transmission by the source and stored in files.

It is assumed that it is not possible to either remove the watermark orbreak the encryption in a reasonable time. It is also assumed that theattacker cannot steal the non-watermarked stream from the source bybreaking into the server. If the encryption algorithm is broken anattacker can choose the final watermarked stream and make traitortracing impossible, but if the encryption algorithm is chosen with careand with large enough key size and the keys are generated properly thiscan be avoided. The problem of revoking access for a receiver is notconsidered; however this would require new keys to be transmitted.

If a large enough number of receivers collaborate, p, at least k/p ofthe original bits from one of the streams will always remain. This canbe solved, but is not discussed in this document, since it is welldescribed in prior art.

The invention can for instance be implemented in an existing Javaapplication system for audio transmission over multicast using MPEG-1audio compression standard. Preferably, “Blowfish” is chosen asencryption algorithm.

No active network elements are required or tamper-resistant smart-cards.The watermarks that make up the fingerprints are not fixed to a certainnumber of bits or restricted in format, but can be any format thewatermarking algorithm requires for robustness. To avoid attacks it isalso possible to increase the number of watermarks in one media stream.

As used in the following claims, the words “comprise” or “include” ortheir conjunctions means “including, but not necessarily limited to.

1. A method of generating a watermark being unique to a receiver of amulti-cast transmission of multimedia data in the form of data packets,said method comprising the following steps: transmitting from a source(1) at least two different copies (V₀[i], V₁[i]) of each data packet(P[1], P[2], . . . , P[k]) having different watermarks, at least a firstwatermark (w₀) and a second watermark (w₁), respectively, encryptingsaid copies (V₀[i], V₁[i]) differently, preferably by means of differentencryption keys SK[1], SK[2], . . . , SK[2 k], providing each receiver(R₁, R₂, . . . , R_(n)) access to only one of said two encrypted copies,thereby providing each receiver (R₁, R₂, . . . , R_(n)) with an uniqueresulting data stream (S) comprising data packets having first andsecond watermarks (w₀, w₁), wherein the order in which the first andsecond watermarks (w₀, w₁) are present in the resulting stream (S)provides the unique watermark, providing the data stream (S) with amulti-bit capacity in a single layer for storing additional information.2. A method according to claim 1, wherein the additional information isglobal information.
 3. A method according to claim 2, wherein theadditional information is at least one of copyright information,producer information, and owner information.
 4. A method according toclaim 1, wherein source (1) and the receivers (R₁, R₂, . . . , R_(n))are linked together by means of a distribution network (2) such as theInternet.
 5. A method according to claim 1, wherein the copy (V₀[i],V₁[i]) to which a receiver (1) has access is determined by a sequence ofrandom encryption keys (SK[1], SK[2], . . . , SK[2 k]) which are sentprior to transmitting.
 6. A method according to claim 5, wherein thekeys (SK[1], SK[2], . . . , SK[2 k]) are generated prior to transmissionby the source (1) and stored in files.
 7. A method according to claim 1,wherein the watermarks that are generated change with time as long asthey are not identical, and the source keeps track of them.
 8. A methodaccording to claim 1, wherein the watermarks that are generated are morethan two.
 9. A method according to claim 1, wherein also an identitystring derived by the source from both keys given to the receiver andthe resulting stream is generated.
 10. A method according to claim 1,wherein bandwidth usage is reduced by optimizations, for instance by notwatermarking all packets, for instance by watermarking last ten minutesof a movie.
 11. A source (1) for transmitting multimedia data toreceivers (R₁, R₂, . . . , R_(n)) of a multicast transmission, saidsource comprising operational means (10) further comprising orconnectable to transmitting and encryption means (20) which together:read data packet i P[i], create at least two watermarked copies V₀[i],V₁[i] of data packet i, get two encryption keys SK[2 i-1] and SK[2 i],encrypt the watermarked copies V₀[i], V₁[i] of data packet iC₀[i]=E(V₀[i], SK[2 i-1] and C₁[i]=E(V1[i], SK[2 i]), add additionalinformation, typically global information such as copyright using thedata packets, transmit C₀[i] and C₁[i] together with i, where i=1, 2, .. . , k, via a network to the receivers (R₁, R₂, . . . R_(n)).
 12. Asource according to claim 11, wherein the operational means (10),transmitting means and encryption means (20) are implemented assoftware.
 13. A receiver for receiving multimedia data comprisingreceiving and decrypting means (30), which together: receive at leasttwo packets: C₀[i] and C₁[i], get the decryption key for packet i:RKr[i], try to decrypt both packets with key RKr[i], receive globalinformation, whereby only one packet will decrypt into a proper datapacket: Vji[i]=D(Cj[i], RKr[i]), ji ε{0, 1}, decode and render Vji[i].14. A system comprising a source (1), receivers (R₁, R₂, . . . , R_(n))and an intervening distribution network (2) for realizing a method ofgenerating a watermark being unique to a receiver (R₁, R₂, . . . ,R_(n)) of a multicast transmission of multimedia data in the form ofdata packets, said method comprising the following steps: transmittingfrom a source (1) at least two different copies (V₀[i], V₁[i]) of eachdata packet (P[1], P[2], . . . , P[k]) having different watermarks, afirst watermark (w₀) and a second watermark (w₁), respectively,encrypting said copies differently, preferably by means of differentencryption keys SK[1], SK[2], . . . , SK[2 k], providing each receiver(R₁, R₂, . . . , R_(n)) access to only one of said two copies (V₀[i],V₁[i]), thereby providing each receiver with an unique resulting datastream (S) comprising data packets having first and second watermarks,wherein the order in which the first and second watermarks (w₀, w₁) arepresent in the resulting stream (S) provides the unique watermark,providing the data stream (S) with a multi-bit capacity in a singlelayer for storing additional information.
 15. A system according toclaim 14, wherein the source is a server and the receivers are clients.